Policies
resource cloudflare_zero_trust_access_policy
required
optional
Requires the user to request access from an administrator at the start of each session.
Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
A custom message that will appear on the purpose justification screen.
Require users to enter a justification when they log in to the application.
connection_rules?: Attributes
The rules that define how users may connect to targets secured by your application.
mfa_config?: Attributes
Configures multi-factor authentication (MFA) settings.
The amount of time that tokens issued for the application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
exclude?: Set[Attributes]
Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
auth_method?: Attributes
The type of authentication method (see https://datatracker.ietf.org/doc/html/rfc8176#section-2).
include?: Set[Attributes]
Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
auth_method?: Attributes
The type of authentication method (see https://datatracker.ietf.org/doc/html/rfc8176#section-2).
require?: Set[Attributes]
Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
auth_method?: Attributes
The type of authentication method (see https://datatracker.ietf.org/doc/html/rfc8176#section-2).
cloudflare_zero_trust_access_policy
resource "cloudflare_zero_trust_access_policy" "example_zero_trust_access_policy" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  decision = "allow"
  include = [{
    group = {
      id = "aa0a4aab-672b-4bdb-bc33-a59f1130a11f"
    }
  }]
  name = "Allow devs"
  approval_groups = [{
    approvals_needed = 1
    email_addresses = ["test1@cloudflare.com", "test2@cloudflare.com"]
    email_list_uuid = "email_list_uuid"
  }, {
    approvals_needed = 3
    email_addresses = ["test@cloudflare.com", "test2@cloudflare.com"]
    email_list_uuid = "597147a1-976b-4ef2-9af0-81d5d007fc34"
  }]
  approval_required = true
  connection_rules = {
    rdp = {
      allowed_clipboard_local_to_remote_formats = ["text"]
      allowed_clipboard_remote_to_local_formats = ["text"]
    }
  }
  exclude = [{
    group = {
      id = "aa0a4aab-672b-4bdb-bc33-a59f1130a11f"
    }
  }]
  isolation_required = false
  mfa_config = {
    allowed_authenticators = ["totp", "biometrics", "security_key"]
    mfa_disabled = false
    session_duration = "24h"
  }
  purpose_justification_prompt = "Please enter a justification for entering this protected domain."
  purpose_justification_required = true
  require = [{
    group = {
      id = "aa0a4aab-672b-4bdb-bc33-a59f1130a11f"
    }
  }]
  session_duration = "24h"
}
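The sample above lists the same group ID under include, exclude and require; by the rule semantics stated on this page, such a policy can never match a user. The following Python model is an added example (not part of the Cloudflare provider or its documentation) that evaluates Include/Require/Exclude as described and flags policies no user can satisfy. Rule shapes are simplified, and all IDs and helper names are constructed for illustration.

```python
# Added example: a model of the Include / Require / Exclude semantics described
# on this page. Rule shapes are simplified; all IDs below are constructed.

def rule_matches(rule, user):
    """True if one rule selector matches the user's attributes."""
    if "group" in rule:
        return rule["group"]["id"] in user.get("groups", ())
    if "auth_method" in rule:  # simplified shape: {"auth_method": "<amr value>"}
        return rule["auth_method"] in user.get("amr", ())
    return False  # unknown selector: fail closed

def policy_matches(policy, user):
    """Include = OR, Require = AND, Exclude = NOT."""
    included = any(rule_matches(r, user) for r in policy.get("include", []))
    required = all(rule_matches(r, user) for r in policy.get("require", []))
    excluded = any(rule_matches(r, user) for r in policy.get("exclude", []))
    return included and required and not excluded

def never_matches(policy):
    """Syntactic lint: flag policies that no user can satisfy.

    A rule listed in both require and exclude is a contradiction, and if every
    include rule is also an exclude rule, nobody admitted by include survives
    exclude. An empty include list admits nobody in this model.
    """
    include = policy.get("include", [])
    exclude = policy.get("exclude", [])
    require = policy.get("require", [])
    if not include:
        return True
    if any(r in exclude for r in require):
        return True
    return all(r in exclude for r in include)

DEVS = {"group": {"id": "11111111-1111-4111-8111-111111111111"}}         # constructed
CONTRACTORS = {"group": {"id": "22222222-2222-4222-8222-222222222222"}}  # constructed
MFA = {"auth_method": "mfa"}  # "mfa" is an RFC 8176 amr value

# Same shape as the sample above: one group in all three lists.
SAME_GROUP_EVERYWHERE = {"include": [DEVS], "exclude": [DEVS], "require": [DEVS]}
# A policy that can match: devs with MFA, but not contractors.
DEVS_WITH_MFA = {"include": [DEVS], "require": [MFA], "exclude": [CONTRACTORS]}

def user(groups, amr):
    """Build a constructed user record from group rules and amr values."""
    return {"groups": {g["group"]["id"] for g in groups}, "amr": set(amr)}
```

Running `never_matches` over planned policies before `terraform apply` catches the case where a copied sample silently locks every user out.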
data cloudflare_zero_trust_access_policy
computed
Requires the user to request access from an administrator at the start of each session.
The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action.
Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
A custom message that will appear on the purpose justification screen.
Require users to enter a justification when they log in to the application.
The amount of time that tokens issued for the application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
connection_rules: Attributes
The rules that define how users may connect to targets secured by your application.
exclude: Set[Attributes]
Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
auth_method: Attributes
The type of authentication method (see https://datatracker.ietf.org/doc/html/rfc8176#section-2).
include: Set[Attributes]
Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
auth_method: Attributes
The type of authentication method (see https://datatracker.ietf.org/doc/html/rfc8176#section-2).
mfa_config: Attributes
Configures multi-factor authentication (MFA) settings.
require: Set[Attributes]
Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
auth_method: Attributes
The type of authentication method (see https://datatracker.ietf.org/doc/html/rfc8176#section-2).
cloudflare_zero_trust_access_policy
data "cloudflare_zero_trust_access_policy" "example_zero_trust_access_policy" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  policy_id = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
}
data cloudflare_zero_trust_access_policies
computed
result: List[Attributes]
The items returned by the data source
Requires the user to request access from an administrator at the start of each session.
connection_rules: Attributes
The rules that define how users may connect to targets secured by your application.
The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action.
exclude: Set[Attributes]
Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
auth_method: Attributes
The type of authentication method (see https://datatracker.ietf.org/doc/html/rfc8176#section-2).
include: Set[Attributes]
Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
auth_method: Attributes
The type of authentication method (see https://datatracker.ietf.org/doc/html/rfc8176#section-2).
Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
mfa_config: Attributes
Configures multi-factor authentication (MFA) settings.
A custom message that will appear on the purpose justification screen.
Require users to enter a justification when they log in to the application.
require: Set[Attributes]
Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
auth_method: Attributes
The type of authentication method (see https://datatracker.ietf.org/doc/html/rfc8176#section-2).
cloudflare_zero_trust_access_policies
data "cloudflare_zero_trust_access_policies" "example_zero_trust_access_policies" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
}